STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

PostgreSQL must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

DISA Rule

SV-233619r617333_rule

Vulnerability Number

V-233619

Group Title

SRG-APP-000179-DB-000114

Rule Version

CD12-00-012300

Severity

CAT I

CCI(s)

CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

Fix Recommendation

Configure OpenSSL to meet FIPS Compliance using the following documentation in section 9.1:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1758.pdf

For more information on configuring PostgreSQL to use SSL, see supplementary content APPENDIX-G.

Check Contents

As the system administrator, run the following:

$ openssl version

If "fips" is not included in the OpenSSL version, this is a finding.

Vulnerability Number

V-233619

Documentable

False

Rule Version

CD12-00-012300

Severity Override Guidance

As the system administrator, run the following:

$ openssl version

If "fips" is not included in the OpenSSL version, this is a finding.

Check Content Reference

Target Key

5254

PostgreSQL must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments